RELEASE NOTES & SECURITY REPORTS

Free scanners, vulnerability reports, and platform-specific guidance. No fluff.

Vibe Coding Security Weekly — June 8, 2026: The Agent Becomes the Weapon and the Target — Sophos Catches Claude+Cursor Building Malware, Miasma Plants .cursor/rules in Microsoft Repos, RedHat npm Falls
2026.06.08 · 9 MIN READ · Sophos X-Ops documents a threat actor using Cursor and Claude Opus 4.5 to build an 80-module EDR-evasion framework — the agent as weapon. …
SCANNER
Lovable Security Report June 2026: The Agent-Integration Layer Goes Operational
2026.06.08 · 7 MIN READ · The attack class May named went live in June. Sophos caught a threat actor using Cursor and Claude Opus 4.5 to build an 80-module …
SCANNER
Vibe Coding Security Weekly — June 1, 2026: '62%' Chases '45%', Moltbook Becomes the Reference Breach, Thoughtworks Names the Root Cause, GitHub Weighs PR Gates
2026.06.01 · 8 MIN READ · OX Security puts the number at 62%, one week after Veracode's 45% became canon — and the field quietly admits the number won't settle. The …
SCANNER
Vibe Coding Security Weekly — May 25, 2026: Apple Pulls 'Anything', Cursor Ships Composer 2, OpenAI Eyes $3B Windsurf Deal, Veracode 45% Becomes Canon
2026.05.25 · 8 MIN READ · Apple removes the 'Anything' vibe-coding app under Guideline 2.5.2 — the app reappears on Google Play in 30 seconds. Cursor ships its own …
SCANNER
Vibe Coding Security Weekly — May 18, 2026: 1,764-App Audit Confirms RedAccess, Cursor Ships Bugbot, Mini Shai-Hulud Hits 169 npm Packages
2026.05.18 · 8 MIN READ · B1KEY's 1,764-app audit independently confirms the RedAccess shape (7% wide-open Supabase, IDOR-by-URL-increment). Cursor announces Bugbot. …
SCANNER
2026 AI Coding Security Report: The Data Behind the Vibe-Coding Breach Wave
2026.05.13 · 13 MIN READ · May 2026 update built on a 1,812-event firehose corpus across 7.5 days. 380,000 vibe-coded assets indexed, ~5,000 leaking sensitive data. …
SCANNER
Vibe Coding Security Weekly — May 11, 2026: RedAccess Finds 380K Exposed Apps, TrustFall Hits AI Agents, Replit Ships Security Agent
2026.05.11 · 7 MIN READ · RedAccess scanned 380,000 vibe-coded apps and found ~5,000 leaking corporate data. WIRED and Axios verified. Plus TrustFall (AI coding …
SCANNER
Lovable Security Report May 2026: The Defender Stack Reorganizes Around Vibe Coding
2026.05.11 · 8 MIN READ · May 2026 was the month vibe-coding security defenders started shipping. Replit launched Security Agent + Workspace Security Center 2.0. …
SCANNER
Vibe Coding Security Weekly — May 5, 2026: Replit vs Apple Goes Legal, Mythos Finds 271 Firefox Bugs, Gemini CLI CVSS-10 RCE
2026.05.05 · 6 MIN READ · A week of escalation: Replit's CEO calls Apple's App Store block a 'total lie' and threatens court, Anthropic's Mythos preview helps Mozilla …
SCANNER
VibeEval vs Competitors: The 2026 AI-Codegen Security Scanner Landscape
2026.05.02 · 8 MIN READ · A 2026 survey of security scanners for apps built by Lovable, Bolt, Cursor, Replit, and V0. How legacy SAST, modern AI-flavored scanners, …
SCANNER
After Testing Every Major LLM, None Ship Validation That Survives the First Pass
2026.05.02 · 7 MIN READ · We tested Claude Sonnet 4.5, GPT-5, Gemini 2.5, Cursor, Lovable, Bolt, and Replit. None produce input validation that survives a red-team …
SCANNER
Vibe Coding Security Weekly — Apr 30, 2026: Apple Blocks Vibe-Coding Updates, Claude Code Source-Map Leak, Lovable Goes Mobile
2026.04.30 · 5 MIN READ · Three days in vibe-coding security: Apple blocks Replit and Vibecode App Store updates over post-approval code changes, Anthropic ships full …
SCANNER
Lovable Security Report April 2026: 380K Apps Scanned, 5K Leaking, 5 Brands Phished on Lovable's Domain
2026.04.30 · 8 MIN READ · April 2026 was the month Lovable's exposure landscape went mainstream. RedAccess scanned 380,000 vibe-coded apps across Lovable, Base44, …
SCANNER
Vibe Coding Security Weekly — Apr 28, 2026: Wiz Red Agent, SecureVibeBench, Red Gate's DB Failure Patterns
2026.04.28 · 6 MIN READ · Five days of vibe-coding security stories: Wiz launches Red Agent and AI-BOM at Google Cloud Next, SecureVibeBench numbers the AI …
SCANNER
Vibe Coding Security Weekly — Apr 23, 2026: Lovable 48-Day Leak, Anthropic MCP RCE, Gitar Launch
2026.04.23 · 6 MIN READ · Seven days of vibe-coding security stories in one place: Lovable's 48-day chat exposure, Anthropic's MCP RCE affecting 200,000+ servers, …
SCANNER
Your CLAUDE.md Is Attack Surface: Snyk ToxicSkills + MCP Prompt Injection
2026.04.20 · 4 MIN READ · Snyk scanned 3,984 agent skills and found critical issues in 13.4% of them, with 76 confirmed malicious. A March 2026 arXiv paper tested MCP …
SCANNER
When Beauty Bloggers Explain RLS, Vibe Coding Is Baseline
2026.04.20 · 3 MIN READ · A Japanese beauty blogger shipped a real app with Claude Code in 2026 — and her post includes a whole section teaching Supabase Row-Level …
SCANNER
Vercel Breach via Context.ai: Your AI Stack Is Now Your Supply Chain
2026.04.20 · 3 MIN READ · Vercel confirmed a breach that started with a third-party AI tool an employee used. Attackers pivoted from Context.ai to Google Workspace to …
SCANNER
Prompt Injection Turns AI Coding Agents Into Key Exfiltrators
2026.04.20 · 3 MIN READ · Researchers prompt-injected AI coding agents from Anthropic, Google, and Microsoft running inside GitHub Actions and exfiltrated API keys …
SCANNER
Lovable BOLA: The $6.6B Vibe-Coding Platform Just Got Vibe-Coded
2026.04.20 · 4 MIN READ · Researcher discloses a Broken Object Level Authorization flaw on Lovable: change a project ID in the URL, free account, pull anyone's full …
SCANNER
Kiro IDE: Vibe-Coding Fix or Compliance Gate in AI Cosplay?
2026.04.20 · 3 MIN READ · Kiro IDE's pitch is docs-first AI coding with automated security scans on every save. On paper it kills vibe-coding mistakes. In practice it …
SCANNER
DeepKeep Launches Vibe AI Red Teaming. Red Teaming Is Now Vibe-ified.
2026.04.20 · 3 MIN READ · DeepKeep shipped Vibe AI Red Teaming: human-in-the-loop attacks on AI apps and agents, with natural-language steering. CTO says it's 'the …
SCANNER
Broken by Default: AI Coding Assistants Fail 55.8% of Security-Critical Prompts
2026.04.20 · 5 MIN READ · A new formal-verification study by Blain & Noiseux (Cobalt AI, April 2026) tested 7 production LLMs on 500 security-critical prompts and …
SCANNER
Lovable + Aikido Pentesting: $100 Security Test vs VibeEval's Free Scanner
2026.03.31 · 6 MIN READ · Lovable announced $100 pentesting via Aikido. We compare what you get: blackbox/greybox/whitebox testing, OWASP coverage, compliance …
SCANNER
Apple vs Vibe Coding: Anything App Removed, Replit and Vibecode Blocked
2026.03.31 · 7 MIN READ · Apple removed Anything -- a $100M vibe coding app -- from the App Store and blocked updates for Replit and Vibecode. Here
SCANNER
Free Windsurf Security Scanner - Find Vulnerabilities in 60 Seconds
2026.03.12 · 5 MIN READ · Scan code built with Windsurf (Codeium) for security flaws instantly. 13 AI agents test for exposed secrets, broken auth, and insecure API …
SCANNER
Free GitHub Copilot Security Scanner - Find Vulnerabilities in 60 Seconds
2026.03.12 · 5 MIN READ · Scan code built with GitHub Copilot for security flaws instantly. 13 AI agents test for injection vulnerabilities, insecure patterns, and …
SCANNER
Free Firebase Studio Security Scanner - Find Vulnerabilities in 60 Seconds
2026.03.12 · 5 MIN READ · Scan apps built with Firebase Studio for security flaws instantly. 13 AI agents test for misconfigured Firestore rules, exposed credentials, …
SCANNER
Lovable Security Report Feb 2026: 18,000 Users Exposed, 170+ Databases Breached
2026.02.28 · 8 MIN READ · Stop manually retesting your app. Automatic security testing that catches vulnerabilities in AI-generated code before users do. Works with …
SCANNER
Free Cursor Security Scanner - Find Vulnerabilities in 60 Seconds
2026.02.28 · 5 MIN READ · Stop manually retesting your app. Automatic security testing that catches vulnerabilities in AI-generated code before users do. Works with …
SCANNER
VibeEval Security Scanner vs Reka Vibe-Eval Benchmark | Not the Same Product
2026.01.27 · 5 MIN READ · Stop manually retesting your app. Automatic security testing that catches vulnerabilities in AI-generated code before users do. Works with …
SCANNER
07
Free Replit Security Scanner: Vulnerability Check
2026.01.07 · 5 MIN READ · Replit's instant deploy is magical — and magically hides exposed keys, missing auth, and injection-ready endpoints.
REPLIT SCANNER
06
Figma Make Security Scanner - Secure Your AI-Generated Code
2026.01.07 · 5 MIN READ · When designs become code, AI makes implicit assumptions about data handling and auth. Those assumptions are often unsafe.
FIGMA-MAKE SCANNER
05
Claude Code Security Scanner - Secure Your AI-Generated Code
2026.01.07 · 5 MIN READ · Claude Code can generate thousands of lines of code in minutes. Security review can't keep pace without AI-powered testing.
CLAUDE-CODE SCANNER
04
V0 Security Scanner - Test Your Vercel V0 Components Free
2025.06.14 · 4 MIN READ · V0 ships polished React components fast. Validation, state handling, and XSS sanitization get glossed over.
V0 SCANNER
01
Free Lovable Security Scanner - Find Vulnerabilities in 60 Seconds
2025.06.14 · 9 MIN READ · Over 1,430 Lovable apps scanned. 5,711 vulnerabilities found. Missing RLS is #1. Deep dive on RLS per-op checks + the 6 Vibe Coding flows …
LOVABLE SCANNER
03
Free Base44 Security Scanner: Vulnerability Check
2025.06.14 · 5 MIN READ · Base44's AI app builder is production-capable with proper security testing — auth, API endpoints, session handling.
BASE44 SCANNER
02
Bolt.new Security Scanner - Free Vulnerability Check in 2 Minutes
2025.06.14 · 4 MIN READ · Full-stack AI generates frontend, backend, and database logic in seconds. Security gaps emerge between the layers.
BOLT SCANNER
VibeEval: A Vibe-Friendly Alternative to Snyk for Testing AI-Generated Apps
2025.05.12 · 5 MIN READ · Stop manually retesting your app. Automatic security testing that catches vulnerabilities in AI-generated code before users do. Works with …
SCANNER
VibeEval for Testing Vibe-Coding Apps with Lovable, Cursor, and Bolt
2025.05.08 · 5 MIN READ · Stop manually retesting your app. Automatic security testing that catches vulnerabilities in AI-generated code before users do. Works with …
SCANNER